Vashandisi havavimbike. Kazhinji, vane usimbe uye vanosarudza kunyaradza pane kuchengeteka. Maererano nenhamba, 21% vanonyora pasi mapassword avo eakaunti yebasa pabepa, 50% inoratidza mapassword akafanana ebasa uye masevhisi emunhu.
Mhoteredzo inovengawo. 74% yemasangano anobvumira zvishandiso zvemunhu kuti zviunzwe kushanda uye zvakabatanidzwa kune network yemakambani. 94% yevashandisi haigone kusiyanisa pakati peemail chaiyo neye phishing, 11% yakadzvanya pane zvakabatanidzwa.
Matambudziko ese aya anogadziriswa nekambani yeruzhinji kiyi zvivakwa (PKI), iyo inopa mail encryption uye huchokwadi, uye inotsiva mapassword nezvitupa zvedhijitari. Izvi zvivakwa zvinogona kusimudzwa paWindows Server. Maererano ne
Asi mhinduro yeMicrosoft inodhura zvakanyanya.
Yese Mutengo Wevaridzi weMicrosoft Private CA
Mutengo wekuenzanisa wevaridzi pakati peMicrosoft CA neGlobalSign AEG.
Mune akawanda mamiriro, zviri nyore uye zvakachipa kugadzira imwechete yakavanzika setifiketi chiremera, asi nekutonga kwekunze. Iri ndiro chairo dambudziko rinogadziriswa neGlobalSign Auto Enrollment Gateway (AEG). Mitsetse yakati wandei yemari inobviswa pamutengo wakazara wevaridzi (kutenga zvekushandisa, mari yekutsigira, kudzidziswa kwevashandi, nezvimwewo). Kuchengeta kunogona kudarika
Chii chinonzi AEG
AEG inosanganisirwa neActive Directory, ichibvumira masangano kuti aite otomatiki kunyoreswa, kupa uye manejimendi eGlobalSign zvitupa zvedhijitari munzvimbo yeWindows. Nekutsiva maCA emukati neGlobalSign masevhisi, mabhizinesi anowedzera kuchengetedzeka uye kuderedza mutengo wekutarisira yakaoma uye inodhura yemukati Microsoft CA.
GlobalSign SaaS Certificate Services isarudzo yakavimbika pane isina kusimba uye isina kutungamira zvitupa pazvivakwa zvako. Kubvisa kudiwa kwekutonga resource-yakanyanya mukati CA kunoderedza mutengo wakazara wevaridzi wePKI, pamwe nenjodzi yekutadza kwehurongwa.
Tsigiro yeSCEP uye ACME mapuroteni anowedzera rutsigiro kupfuura Windows, kusanganisira otomatiki kuburitsa zvitupa zveLinux maseva, nharembozha, network zvishandiso, uye zvimwe zvishandiso, pamwe neApple OSX makomputa akanyoreswa muActive Directory.
Enhanced Security
Pamusoro pekuchengetedza mari, kunze kwePKI manejimendi inovandudza kuchengetedzeka kwehurongwa. Sezvinocherechedzwa neAberdeen Boka rekudzidza, zvitupa zviri kuramba zvichinangwa nevanorwisa vanobudirira kushandisa zvisizvo zvinozivikanwa senge zvitupa zvisina kuvimbwa zvakasaina, encryption isina simba, uye nzira dzinonetsa dzekubvisa. Pamusoro pezvo, vapambi vakagona hunyanzvi hwakanyanya, sekuburitsa zvitupa zvechitsotsi kubva kumaCA anovimbwa uye zvitupa zvekunyepa zvekusaina kodhi.
"Mabhizinesi mazhinji haatarise njodzi dzine chekuita nekurwiswa uku uye haana kugadzirira kukurumidza kupindura kune kutengeserana,"
Iyo AEG inoshanda sei
Iyo yakajairwa AEG sisitimu inosanganisira zvina zvakakosha zvikamu kuti ive nechokwadi chekuti zvitupa zvinotumirwa kunzvimbo dzakakodzera dzekuwana:
- AEG software paWindows server.
- Active Directory maseva kana domain controller inobvumira vatariri kutonga uye kuchengetedza ruzivo nezve zviwanikwa.
- Endpoints: vashandisi, zvishandiso, maseva uye nzvimbo dzekushandira - ingangoita chero chinhu chiri "mutengi" wedhijitari zvitupa.
- A GlobalSign Certification Authority, kana GCC, inogara pamusoro pechitupa chakavimbika chekuburitsa uye chikuva chekutungamira. Apa ndipo panogadzirwa zvitupa.
Zvitatu zvezvikamu zvina zvinoratidzwa zviri-panzvimbo pamutengi, uye chechina chiri mugore.
Chekutanga, mapeji ekupedzisira anofanogadzirirwa uchishandisa marongero eboka: semuenzaniso, kusimbiswa kwechitupa chechokwadi chemushandisi, S/MIME chikumbiro chechitupa, zvichingodaro - kune inotevera kubatana kune AEG server. Kubatana kwakachengeteka neHTTPS.
Iyo AEG server inobvunza Active Directory kuburikidza neLDAP yerunyorwa rwezvitupa matemplate eaya ekupedzisira uye inotumira runyoro kune vatengi pamwe nenzvimbo yeCA. Mushure mekugamuchira iyi mitemo, iyo yekupedzisira inobatana neAEG server zvakare, ino nguva yekukumbira zvitupa chaizvo. AEG, zvakare, inogadzira kufona kweAPI ine yakatarwa paramita uye inotumira kuGlobalSign Certification Authority kana GCC kuti igadziriswe.
Chekupedzisira, iyo GCC yekumashure inogadzirisa zvikumbiro, kazhinji mukati memasekondi mashoma, uye inotumira mhinduro yeAPI pamwe nechitupa chinozoiswa pamagumo pakukumbira.
Maitiro ese anotora masekonzi mashoma uye anogona kuve akazara otomatiki nekugadzirisa endpoints kuti uwane otomatiki zvitupa uchishandisa marongero eboka.
AEG Unique Features
- Iwe unogona kunyoresa kuburikidza ne MDM chikuva.
- Yakagadzirwa nevaimbova vashandi kubva kuMicrosoft Crypto timu.
- Solution pasina mutengi.
- Kuitwa kwakareruka uye manejimendi ehupenyu.
Mienzaniso yezvivakwa
Saka, ekunze PKI manejimendi kuburikidza neGlobalSign AEG gedhi zvinoreva kuwedzera kuchengetedzeka, kuchengetedza mutengo uye kuderedza njodzi. Imwe bhenefiti iri nyore scalability uye yakagadziridzwa kuita. PKI yakanyatsogadziriswa inova nechokwadi chenguva refu, inobvisa kukanganisa kumabasa akakosha nekuda kwezvitupa zvisina basa, uye inopa vashandi vari kure, kuwana kwakachengeteka kune network network.
GlobalSign mutungamiri wepasi rose mukupa gore uye networked PKI mhinduro dzekuzivikanwa uye kuwana manejimendi. Kuti uwane rumwe ruzivo nezvechigadzirwa, ndapota taura
Source: www.habr.com